Friday, March 16, 2012

login problems

I'm working on a login script for my site but it won't work :\

Sub Page_Load(sender As Object, e As EventArgs)

    If Not Session("user") Is Nothing Then
        Panel1.Visible = false
    End If

End Sub

Sub Button1_Click(sender As Object, e As EventArgs)

    If ValidateUser(TextBox1.Text, TextBox2.Text) = true Then
        Session("user") = TextBox1.Text
        Response.Redirect("menu.aspx")
    Else
        TextBox1.Text = ""
        Response.Write("<script language=javascript>alert('Fel användare" & chr(47) & "lösenord!');<" & chr(47) & "script>")
    End If

End Sub

Public Function ValidateUser(ByVal name As String, ByVal password As String) As Boolean

    Dim conn As SqlConnection
    Dim cmdSQL As SqlCommand
    Dim strSQL As String
    Dim intReturnValue As Integer

    conn = New SqlConnection("server=(local);database=main;Trusted_Connection=yes")
    strSQL = "SELECT COUNT(*) FROM hoof_users WHERE nick=" & name & " AND password=" & password
    cmdSQL = New SqlCommand(strSQL, conn)
    cmdSQL.CommandType = CommandType.Text

    Try
        conn.Open()
        intReturnValue = cmdSQL.ExecuteScalar

    Catch ex As Exception
        Return False

    End Try

    conn.Close()

    If intReturnValue > 0 Then
        Return True
    Else
        Return False
    End If

End Function

The problem is that the ValidateUser function always returns false... :\

You are likely getting an exception, catching it and just returning False. Try this:

strSQL = "SELECT COUNT(*) FROM hoof_users WHERE nick='" & name & "' AND [password]='" & password & "' "

Note the extra single quotes. Better, use parameters.

Also, you should not just catch the exception and return false. That could mean anything, and so if there is any reason why the failure might occur, special case that, but do not just swallow the exception.


conn = New SqlConnection("server=(local);database=main;Trusted_Connection=yes")
strSQL = "SELECT COUNT(*) FROM hoof_users WHERE nick=@nick AND [password]=@password"

cmdSQL = New SqlCommand(strSQL, conn)
' ValidateUser receives the user name in its "name" argument
cmdSQL.Parameters.Add(New SqlParameter("@nick", name))
cmdSQL.Parameters.Add(New SqlParameter("@password", password))
cmdSQL.CommandType = CommandType.Text

I added Response.Write(ex.Message) to the code and it wrote:

The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator.

You have declared the nick and/or password columns in the table as text. Use nvarchar(50) (presuming 50 is long enough). The text type (or ntext) is for VERY long text.

thx alot :]
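
The advice from the replies above (parameters instead of string concatenation, and not swallowing the exception), put together as an added example that is not code from the original thread. It keeps the table, column and connection-string values posted in the thread; the parameter size of 50 assumes the nvarchar(50) columns suggested above, and the module name LoginCheck is hypothetical.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Diagnostics

Public Module LoginCheck   ' hypothetical name, not from the thread

    ' Connection string, table and column names are the ones posted in the thread.
    Private Const ConnStr As String = "server=(local);database=main;Trusted_Connection=yes"

    Public Function ValidateUser(ByVal name As String, ByVal password As String) As Boolean
        Const sql As String = _
            "SELECT COUNT(*) FROM hoof_users WHERE nick = @nick AND [password] = @password"

        ' Using disposes the connection and command even when an exception is thrown,
        ' so no Close() call can be skipped by an early Return.
        Using conn As New SqlConnection(ConnStr)
            Using cmd As New SqlCommand(sql, conn)
                ' Typed, sized parameters: the values are sent separately from the SQL
                ' text, so a quote character in the nick is compared as data and cannot
                ' alter the statement. Size 50 assumes nvarchar(50) columns.
                cmd.Parameters.Add("@nick", SqlDbType.NVarChar, 50).Value = name
                cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password

                Try
                    conn.Open()
                    Return CInt(cmd.ExecuteScalar()) > 0
                Catch ex As SqlException
                    ' A database failure is not the same as a wrong password:
                    ' record it server-side and let the caller see the error
                    ' instead of returning False or writing ex.Message to the page.
                    Trace.TraceError("ValidateUser failed: {0} (SQL error {1})", ex.Message, ex.Number)
                    Throw
                End Try
            End Using
        End Using
    End Function

End Module
```

With the columns still declared as text, this version surfaces the "cannot be compared or sorted" error as an exception in the server log rather than as a silent failed login.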
